Principal Risk Associate | Retail Bank Tech
Company: Capital One
Location: Mc Lean
Posted on: January 20, 2026
|
|
|
Job Description:
Principal Risk Associate | Retail Bank Tech Principal Associate
Role Summary The Principal Associate within the Tech, Cyber, Data,
and Resiliency (TCDR) team will strategically apply analytical
expertise to proactively identify, measure, and mitigate complex
TCDR risks while simultaneously promoting and fostering innovation
across the division. This is a highly collaborative role that
requires partnerships with Technology, Business, and Second Line
teams to identify and mitigate risks. Additionally, the Principal
Associate serves as a Dedicated Tech Risk Partner (DTRP) to key
technology stakeholders. In this capacity, they function as a
trusted risk partner who proactively manages risk by working
closely with engineering teams to develop effective, compliant
solutions and reporting to the executive leadership. This position
is central to driving organizational change through the effective
identification, rigorous measurement, detailed analysis, and
comprehensive reporting of TCDR risks. The Principal Associate acts
as a subject matter expert, tasked with managing and continuously
improving Tech Risk Metrics, with a specialized focus on
Technology, Compliance, Stability, and Resiliency. They ensure a
strong overall control environment across the division by
maintaining a strong command of data risk frameworks and regulatory
governance. Support the end-to-end execution and continuous
improvement of the Risk and Control Self-Assessment (RCSA) program.
Finally, the role involves diligent tracking and analysis of the
severity of critical incidents, documenting lessons learned, and
identifying concrete preventative measures to mitigate future
occurrences. Responsibilities Serve as the go-to Tech Risk Partner
for assigned engineering and technology teams, providing a "white
glove service" approach to ensure all necessary risk management
support, guidance, and resources are provided promptly. Proactively
work with technical teams to develop and execute clear pathways to
achieve compliance, drafting audit responses and reducing
regulatory exposure and control failures. Ensure all TCDR
governance questions, requirements, and compliance checks are
addressed and integrated into new service intake processes,
preventing downstream risk and redesign efforts. Participate in
Material Tech Change (MTC) reviews to proactively identify and vet
potential risk scenarios, assess threat models, and ensure controls
are updated to reflect the planned changes to the technology
environment. Support RCSA with facilitating cross-functional risk
workshops to identify and evaluate inherent risks and control
effectiveness, documenting clear conclusions and insights across
these technical domains. Conduct thorough control analysis to
identify design gaps, missing documentation, or outdated controls,
partnering with business leaders to perform risk leveling and
ensure appropriate control coverage. Prepare high-quality executive
reports that summarize the Tech, Cyber, Data, and Resiliency point
of view on technology risks derived from the RCSA process. Foster
collaborative relationships with stakeholders across the Second
Line and Third-Party Risk Management to ensure risk alignment.
Monitor the progress of remediation activities, following up on
outstanding control actions or delays to ensure timely risk
mitigation. Support control dissertation by managing spreadsheets
with up-to-date RCSA materials and comprehensive summaries. Subject
Matter Expert for metrics in four categories: Compliance,
Resiliency, Release Management, and Stability. Develop and maintain
a living standard spreadsheet detailing current metrics, defined
metric thresholds, non-compliance triggers, and the associated risk
of non-compliance for all four categories. Establish and execute a
daily process to report on non-compliant metrics to business
partners and engaging engineers. Contribute to the monthly
executive deck by explaining the drivers for non-compliance and
proposing the path to achieving compliance. Provide detailed
quarterly reporting on non-compliant metrics for executive
governance forums. Monitor the progress of remediation activities
and follow up on outstanding controls actions or delays.
Immediately investigate and validate the reported critical
incidents and the impact caused by the incident. Document all steps
taken, the root cause theory, final resolution/workaround, and the
lesson learned to prevent it from occurring again. Feed trend data
from repeated technology outage incidents back into the Risk and
Control Self-Assessment (RCSA) program to update control narratives
or increase the criticality rating of the related control. Basic
Qualifications At least 3 years of Cyber & Tech Risk Analysis
experience. At least 3 years of experience in Risk Management,
Compliance, Audit, or Control Testing. Preferred Qualifications 4
years of experience in a dedicated role focused on Technology Risk,
Cyber Risk, or Business Continuity. 2 years of consulting
experience with client and stakeholder relationships. Excellent
written and verbal communication skills, including experience
presenting complex risk topics to executive audiences. Relevant
professional certification (e.g., CRISC, CISA, or other risk/audit
certifications) At this time, Capital One will not sponsor a new
applicant for employment authorization for this position. The
minimum and maximum full-time annual salaries for this role are
listed below, by location. Please note that this salary information
is solely for candidates hired to perform work within one of these
locations, and refers to the amount Capital One is willing to pay
at the time of this posting. Salaries for part-time roles will be
prorated based upon the agreed upon number of hours to be regularly
worked. McLean, VA: $131,300 - $149,800 for Prin Assoc, Cyber Risk
& Analysis Candidates hired to work in other locations will be
subject to the pay range associated with that location, and the
actual annualized salary amount offered to any candidate at the
time of hire will be reflected solely in the candidate’s offer
letter. This role is also eligible to earn performance based
incentive compensation, which may include cash bonus(es) and/or
long term incentives (LTI). Incentives could be discretionary or
non discretionary depending on the plan. Capital One offers a
comprehensive, competitive, and inclusive set of health, financial
and other benefits that support your total well-being. Learn more
at the Capital One Careers website . Eligibility varies based on
full or part-time status, exempt or non-exempt status, and
management level. This role is expected to accept applications for
a minimum of 5 business days.No agencies please. Capital One is an
equal opportunity employer (EOE, including disability/vet)
committed to non-discrimination in compliance with applicable
federal, state, and local laws. Capital One promotes a drug-free
workplace. Capital One will consider for employment qualified
applicants with a criminal history in a manner consistent with the
requirements of applicable laws regarding criminal background
inquiries, including, to the extent applicable, Article 23-A of the
New York Correction Law; San Francisco, California Police Code
Article 49, Sections 4901-4920; New York City’s Fair Chance Act;
Philadelphia’s Fair Criminal Records Screening Act; and other
applicable federal, state, and local laws and regulations regarding
criminal background inquiries. If you have visited our website in
search of information on employment opportunities or to apply for a
position, and you require an accommodation, please contact Capital
One Recruiting at 1-800-304-9102 or via email at
RecruitingAccommodation@capitalone.com . All information you
provide will be kept confidential and will be used only to the
extent required to provide needed reasonable accommodations. For
technical support or questions about Capital One's recruiting
process, please send an email to Careers@capitalone.com Capital One
does not provide, endorse nor guarantee and is not liable for
third-party products, services, educational tools or other
information available through this site. Capital One Financial is
made up of several different entities. Please note that any
position posted in Canada is for Capital One Canada, any position
posted in the United Kingdom is for Capital One Europe and any
position posted in the Philippines is for Capital One Philippines
Service Corp. (COPSSC).
Keywords: Capital One, Dale City , Principal Risk Associate | Retail Bank Tech, IT / Software / Systems , Mc Lean, Virginia
